summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--rpc/rpc-transport/socket/src/socket.c8
-rw-r--r--rpc/rpc-transport/socket/src/socket.h1
2 files changed, 9 insertions, 0 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index 2860d397d59..bcc73016382 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -4115,6 +4115,14 @@ socket_init (rpc_transport_t *this)
sizeof(priv->ssl_session_id));
SSL_CTX_set_verify(priv->ssl_ctx,SSL_VERIFY_PEER,0);
+
+ /*
+ * Since glusterfs shares the same settings for client-side
+ * and server-side of SSL, we need to ignore any certificate
+ * usage specification (SSL client vs SSL server), otherwise
+ * SSL connexions will fail with 'unsupported cerritifcate"
+ */
+ SSL_CTX_set_purpose(priv->ssl_ctx, X509_PURPOSE_ANY);
}
if (priv->own_thread) {
diff --git a/rpc/rpc-transport/socket/src/socket.h b/rpc/rpc-transport/socket/src/socket.h
index 57676ac2cc7..238c1457e4d 100644
--- a/rpc/rpc-transport/socket/src/socket.h
+++ b/rpc/rpc-transport/socket/src/socket.h
@@ -13,6 +13,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include <openssl/x509v3.h>
#ifdef ERR_R_DH_LIB
#include <openssl/dh.h>
#endif
generated by cgit (git 2.34.1) at 2025-11-04 10:01:28 +0000